Lulzboat runs aground, they're done

A surprise official tweet from the LulzSec crew just a little while ago:

http://pastebin.com/1znEGmHa

. /$$ /$$ /$$$$$$
.| $$ | $$ /$$__ $$
.| $$ /$$ /$$| $$ /$$$$$$$$| $$ \__/ /$$$$$$ /$$$$$$$
.| $$ | $$ | $$| $$|____ /$$/| $$$$$$ /$$__ $$ /$$_____/
.| $$ | $$ | $$| $$ /$$$$/ \____ $$| $$$$$$$$| $$
.| $$ | $$ | $$| $$ /$$__/ /$$ \ $$| $$_____/| $$
.| $$$$$$$$| $$$$$$/| $$ /$$$$$$$$| $$$$$$/| $$$$$$$| $$$$$$.$
.|________/ \______/ |__/|________/ \______/ \_______/ \_______/
//Laughing at your security since 2011!

.-- .-""-.
. ) ( )
. ( ) (
. / )
. (_ _) 0_,-.__
. (_ )_ |_.-._/
. ( ) |lulz..\
. (__) |__--_/
. |'' ``\ |
. | [Lulz] \ | /b/
. | \ ,,,---===?A`\ | ,==y'
. ___,,,,,---==""\ |M] \ | ;|\ |>
. _ _ \ ___,|H,,---==""""bno,
. o O (_) (_) \ / _ AWAW/
. / _(+)_ dMM/
. \@_,,,,,,---==" \ \\|// MW/
.--''''" === d/
. // SET SAIL FOR FAIL!
. ,'_________________________
. \ \ \ \ ,/~~~~~~~~~~~~~~~~~~~~~~~~~~~
. _____ ,' ~~~ .-""-.~~~~~~ .-""-.
. .-""-. ///==--- /`-._ ..-' -.__..-'
. `-.__..-' =====\\\\\\ V/ .---\.
. ~~~~~~~~~~~~, _',--/_.\ .-""-.
. .-""-.___` -- \| -.__..-

Friends around the globe,

We are Lulz Security, and this is our final release, as today marks something meaningful to us. 50 days ago, we set sail with our humble ship on an uneasy and brutal ocean: the Internet. The hate machine, the love machine, the machine powered by many machines. We are all part of it, helping it grow, and helping it grow on us.

For the past 50 days we've been disrupting and exposing corporations, governments, often the general population itself, and quite possibly everything in between, just because we could. All to selflessly entertain others - vanity, fame, recognition, all of these things are shadowed by our desire for that which we all love. The raw, uninterrupted, chaotic thrill of entertainment and anarchy. It's what we all crave, even the seemingly lifeless politicians and emotionless, middle-aged self-titled failures. You are not failures. You have not blown away. You can get what you want and you are worth having it, believe in yourself.

While we are responsible for everything that The Lulz Boat is, we are not tied to this identity permanently. Behind this jolly visage of rainbows and top hats, we are people. People with a preference for music, a preference for food; we have varying taste in clothes and television, we are just like you. Even Hitler and Osama Bin Laden had these unique variations and style, and isn't that interesting to know? The mediocre painter turned supervillain liked cats more than we did.

Again, behind the mask, behind the insanity and mayhem, we truly believe in the AntiSec movement. We believe in it so strongly that we brought it back, much to the dismay of those looking for more anarchic lulz. We hope, wish, even beg, that the movement manifests itself into a revolution that can continue on without us. The support we've gathered for it in such a short space of time is truly overwhelming, and not to mention humbling. Please don't stop. Together, united, we can stomp down our common oppressors and imbue ourselves with the power and freedom we deserve.

So with those last thoughts, it's time to say bon voyage. Our planned 50 day cruise has expired, and we must now sail into the distance, leaving behind - we hope - inspiration, fear, denial, happiness, approval, disapproval, mockery, embarrassment, thoughtfulness, jealousy, hate, even love. If anything, we hope we had a microscopic impact on someone, somewhere. Anywhere.

Thank you for sailing with us. The breeze is fresh and the sun is setting, so now we head for the horizon.

Let it flow...

Lulz Security - our crew of six wishes you a happy 2011, and a shout-out to all of our battlefleet members and supporters across the globe

------------------------------------------------------------------------------------------------------

Our mayhem: http://lulzsecurity.com/releases/
Our chaos: http://thepiratebay.org/user/LulzSec/
Our final release: http://thepiratebay.org/torrent/6495523/50_Days_of_Lulz

Please make mirrors of material on the website, because we're not renewing the hosting. Goodbye. <3

---

 

I'm sure this has nothing to do with the fact that multiple members have been arrested.

 

I'd say likely not ... they've taken on survivors from other locations:

Sabu is still tweeting, looks like all that's really happened is that they've hung a "Under new management" sign in the window.

AnonymousIRC AnonymousIRC
We like to assure all fellow Lulz Lizards that #AntiSec and #Anonymous will continue to sail the stormy seas for booty and Lulz. LET IT FLOW
»
The Real Sabu
anonymouSabu The Real Sabu
by AnonymousIRC
We are working under the #antisec flag now gentlemen. LulzSec will live on forever as a successful operation. Much love to all
»
AnonymousIRC
AnonymousIRC AnonymousIRC
@LulzSec may fade away but all fellow lizards can rest assured that #AntiSec will not. LulzSec was our vanguard, now it's time to sail free!
»
The Real Sabu
anonymouSabu The Real Sabu
by AnonymousIRC
@LulzSec Good work my brothers. 50 days of unstoppable action. Now onto #antisec irc.anonops.li for another 50

 

My take is that they just wanted to go a little lower profile and melt back into Anonymous and not have to deal with the th3j35t3r & TeaMp0isoN_ b.s.

 

Bit late for that really, the damage has been done. The best thing they can possibly do now is shut the hell up, stay off Twitter and stop being media whores. I also wouldn't get into too many fights with rival groups.

 

Heh. No such luck ... they've merely changed their name to somebody else I suppose to ditch the press. They're busy distributing the source code for the zeus trojan now so that the followers-on can write their own variants.

Lulzboat's twitter is now lulzb0at (how clever), they're now running also a school4lulz, and of course antisec, anonops and lolhackers are still going strong. So just when I thought I could catch a break in the action and catch up with some real business, the roaches are scattering ...

 

If they continue to be publicity seekers to the extent they have been, no amount of name changes is going to help. I'm not sure why Twitter hasn't shut their account down, unless it's wanted for their account to stay up. In any case, again, some little piggy out there will squeal, rivals will obliterate them, whatever. Something will happen, and there won't be any "lulz" to be had. It may take longer than most want, but it'll happen.

 

Heh. Gotta love the media. It's the weekend and the slackers are flinging their angry birds. Even infosecisland has nobody home "tonight," been trying to raise someone there, at Reuters and a few other places to no avail ... Therefore ... I suppose I'll just publish here ...

Rumors of luzsec's demise greatly exaggerated

The media has been reporting that Lulzsec has folded. They've merely gone underground and are regrouping. @Lulzboat on twitter has now become @lulzb0at and combined with anonops and antisec, releasing the following announcement on their IRC subchannels:

About AntiSecPro Security Team

Server: irc.anonops.li
Channel: #antisecpro
This Channel is invite only so if you want to ask questions please /msg antisecpro

If you are thinking of being a member or helper of our team please understand that this isn't going to be some kind of immediate start hacking group. Currently we are developing structure and hierarchy. This will most probably be a slow moving, carefully thought-out process in order to ensure that the founder and co-founders agree on the progress/direction. Any person, helper or other individual can offer suggestions covering agenda, direction, structure and protocol of operation. Only individuals who are respectful, drama free and not impeding progress will be allowed involvement with our team regardless of status. The end goal is to be a team powerful/versatile group of serious like minded/structured peers. It is very important that any member of this team to not offer or expose any type of information that may identify themselves. It is also strictly prohibited to ask for any information about an individual which at minimum includes, name, location, picture and gender rather it be to the individual personally or via another source. It is your responsibility to protect this information, also to report to one of the founders so measures can be addressed.

As far as our general agenda, we stand for nothing and everything. We will never accept any sort of label or common stereotype such as white,black or gray hat hackers. Our team will never be labeled a hacking group, only a security team. This does not mean we are obligated in any way to restrict affiliation with any type of other security individuals or teams whether it be illegal or legal. This group is about education and real life exercise of what we know and learn. We considering computer security and hacking equally correlated to each other. Consider the well known saying "necessity is the mother of all creation". Necessity represents "the process of discovering the insecure" and mother represents "Security", to protect. The process of penetration, exploitation and hacking only progresses the necessity for better security and product development. This promotes more advanced technology and a better experience for the majority of computer users.

This is all for now! Welcome to AntiSecPro Security

---

The new operation has even opened up a school for new "hackers" at:

»lolhackers.com/school/

Therefore, be advised that LulzSec hasn't gone away, they've merely performed yet another diversion and are regrouping. At their school are numerous IRC logs of lessons on SQL injection, html attacks and presumably more. They have also handed out source code for numerous attacks including code for the zeus banking trojan for their bot-herders to make use of. More releases from the LulzSec operation will likely be available before Monday as well and the usual suspects are hard at work in their new role "for the next 50."

---

About the author: Kevin McAleavey is the architect of the KNOS secure operating system ( »www.knosproject.com ) and has been in antimalware research and security product development since 1996.

 

Re: Lulzboat...Hi Kevin - OT

Just a quick OT reply. Hi Kevin, haven't heard from you for awhile. I remember a year or so ago, that you were working on a BSD derivative, nice to see that you got it up and running.
I guess the "hacker hunting" is still in your blood couldn't resist the lulz crew eh?
BTW, I still have my BOClean 4.22 still in a folder somewhere, even though I have since moved on from win. I must admit, I don't miss Bill or Steve at all.

 

The Lulzboat is sinking fast. They have not apprehended them yet but since they have been ratted out by the community it won't be too long. It will be an interesting read the next few days, weeks. At least Assange was smart enough to save the juicy info as a blackmail against agencies. The boat has nothing but trouble for being stupid and being targets themselves. It's amazing how they waged war and taunted every other group and not all of a sudden has an about face, and welcomes "hats of all colors". Talk about in denial. It's also painfully obvious that the new releases are not from the same individual. You don't go from speaking like a 9th grader to someone who actually can write coherently in 1 day or 1 week. Either Sabu is finally sending his drafts to someone else to proofread or someone else is doing the writing and calling the shots completely. I am guessing the latter since he is probably limping back to Anonymous begging or help, less he starts needing to watch his back every time he drops the soap. How's that for lolz.

 

"Why did LulzSec quit? One member: "Boredom" ": http://www.pcmag.com/article2/0,281.../pcmag/breakingnews (PCMag.com Breaking News)

Sure!

 

Only problem is that they didn't quit, they merely changed their name and became somebody else. So far today from what I've seen at http://twitter.com/#!/AnonymousIRC and http://anonnews.org/ they're busier than they were as lulzsec, and there's many more of them now than there was. And LOL, their booty from their "50 Days of Lulz" package had more trojans in it than a virus lab.

They've merely gone underground now and have attracted some actual exploit talent, people who can actually write code. Sadly, this isn't the end - it's the beginning of another wave. And apparently those in the server farms learned no lessons here at all.

 

Corporate bottom lines come before anything else, that's the problem, and it will likely continue being the problem. Only by hitting wallets can you make things change. On the subject of the "new and improved" Lulz crew, adding more talent makes you more dangerous and capable, but the bigger the circle, the more likely you find yourself with a snitch. I personally think that is the way it's going to end, someone will get mad at someone else, or someone is going to get spooked, and down goes the Lulz boat.

 

Any one else notice that by creating a hierarchy they are no longer decentralized and thus can now be "shutdown" by law enforcement? (not that they couldn't be before).

They are moving backwards if anything and making it easier for the law to catch them (and anyone else who wants to).

Also this is when we hijack the Zeus source code and re-write it to erase all known variants when it spreads (like an anti-virus that spreads to systems like a virus but patches them instead of infecting them )

 

The Lulz stops here.

Some are saying the A-Team had a big hand in the Lulzboat docking for good.

 

Security Vendor Applauds LulzSec Attacks.

-- Tom

 

I'm sure that'll bring in some business. Not.

There's not all that much that security software can do when the problem is google indexing what the skiddies need and site admins dumb enough to leave it all in plain sight.

In a couple of hours, my column on infosecisland.com will appear entitled "Google is your friend (if you're a lulzer)" ... there's the problem. Antiviruses and pen testers can't solve that one.

 

*

Since HackerDefender days i've been saying that LOTS of IT etc people need a good "Talking" to, or better, That was 5-6 years or so ago & still they never learn ? What's worse is that the people who employ them on NOT minimum $ seem to be oblivious to ALL the hacks etc that have happened, or don't think it could/will happen to them, or don't care !

Also i get the distinct impression that a Lot of IT peeps are lazy and/or incompetent Well it's long overdue that they got kicked out on the streets & are never allowed near servers etc ever again. Either that or they get their act together Very quickly & start earning those $

 

In a galaxy, far far away, I used to be a glass room geek back in the days of Lantastic, Netware, real Solaris and early Linux. Simple rule back then was that if you didn't want it to be seen, don't put it on shares or the intarweb. As time wore on, I saw the client side as the real threat and decided to park my butt handling the "bigger threat." Now all these years later to my ultimate dismay, I'm seeing that the other side is as bad off as the one I chose to defend lately.

Worst part of all though is how easily this could have been avoided if only somebody was paying attention. But the lessons have been useful for me personally - this all resulted in substantial code auditing of what I'm doing now and although everything passed muster, I'm glad I was inspired to check so carefully even though nothing has turned up on my side of the world. What I'm doing now though goes with the proposition that the security has to be built into the box itself since you never know what's on the other side of the screen. Looks like server side needs to be doing what I've been doing on my side too.